The Clearsale Blog

May 5, 2021 Fraud Management

Do Fraud Prevention Blacklists Cause More Problems Than They Solve?

Do Fraud Prevention Blacklists Cause More Problems Than They Solve?

Think blacklists are the best way to prevent ecommerce fraud?

If so, you’re definitely not alone. Blacklists are a popular “hands-off” way for ecommerce merchants to try to protect themselves from fraud.

But the ecommerce merchant whose blacklist blocked a loyal celebrity customer might have a different opinion.

That’s what happened to one of our clients before they decided to work with us. A celebrity customer who was making multiple high dollar purchases (upwards of $3,000 each) per week was blacklisted because the transaction frequency and amounts “seemed” suspicious.

Like most celebrities, this customer was using an assistant’s name to protect their identity. And they weren’t too happy about being blocked.

The loss was significant:

  • At a pace of $30,000 per week, that celebrity customer could have represented over a million dollars of sales in one year.
  • Any possibility of the client providing a much-desired endorsement – and all the revenue that would have generated? Gone.
  • The risk of negative exposure on social media if that celebrity complained was terrifyingly high – especially when you consider that 35% of average consumers say they would complain on social media after being declined for just one purchase.

The lesson our client learned? Fraud prevention blacklists can backfire in epic fashion.

What are Fraud Prevention Blacklists?

Merchants need to have a strategy to prevent chargebacks. Otherwise, they run the risk of carrying a high chargeback rate, which will result in high fees and monitoring programs with their credit card processors.

A fraud prevention blacklist is a shortcut that many ecommerce merchants use to protect themselves from repetitive chargebacks and other types of criminal fraud. It is a list of information pertaining to the transaction, including

 

Typical Blacklist Data Points:

a credit card icon Credit card details
a location icon Physical addresses
a person icon Customer names
a world's icon with www IP addresses
a @ icon Email addresses
a earth's icon with a pin Country information

When merchants are hit with chargebacks they often add the transaction information to a filter that is set to automatically deny any future transaction containing any of those data values.

It seems simple. But that’s the problem. It’s too simple. People move, they are multi-channel shoppers, their email addresses change – and blacklists cut too broad of a swath to even consider these finer points of consumer behavior.

Why Don’t Fraud Prevention Blacklists Work?

At ClearSale, we talk about false declines and how detrimental they are to your ecommerce business. A false decline happens when a legitimate transaction is mistaken for fraud. The customer is subjected to embarrassment, humiliation, and unnecessary concern about their credit card security.

The result is a lost sale and an upset customer who may be among the 37% that will never shop with you again. Fraud prevention blacklists exponentially increase the likelihood of false declines exponentially and can risk your losing the lifetime value of a good customer.

david-fletcher headshot

“Blacklists block not only fraudsters but also many good customers.”

– David Fletcher, Senior Vice President at ClearSale

 

You Could Be Blacklisting a Legitimate Customer

In 2020, every other transaction in the financial industry was related to an account takeover (ATO). That represents a 20% increase in ATO from the previous year. It’s not surprising, then, that ATO fraud attempts increased by 282% from 2019 to 2020.

Account takeover fraud attempts increased by 282% from 2019 to 2020.

ATO fraud happens when a fraudster hacks into an online database and steals customer data. This data is then used by that fraudster (and others) to take over the identity of legitimate customers and even change or set up new bank/credit card accounts in the customer’s name.

Why is this important? It highlights the risk of putting customers on a fraud prevention blacklist solely because of a chargeback and/or fraudulent transaction. By doing this, you will almost certainly be blacklisting legitimate customers – who are as much victims as your business is.

Instead, merchants need to apply more sophisticated ways to evaluate transactions, such as up-to-date intelligence, behavioral biometrics, purchase history, and account velocity. This pinpoint approach prevents fraud without catching legitimate customers in the net.

 

What Ecommerce Fraud Issues Will Retailers Face in 2021?

 

Transaction Data Is Not Necessarily Fraudster-Specific

Not all order details from a fraudulent transaction are unique to the fraudster. For example, large apartment buildings, university dorms, shippers, and other multi-unit buildings share an address but include a large number of people. Blocking one of those addresses can prevent hundreds of legitimate customers from making transactions.

Along the same lines, IP addresses are dynamic. The IP address a user has today can belong to someone else five days from now. Adding an IP address to a blacklist will almost certainly block a valid customer.

Fraudsters Can Get Around Fraud Prevention Blacklists

Fraudsters constantly change the details they provide when placing orders online. Think about how easy it is to create a new email accounts today. Fraudsters have a treasure trove of stolen credit card details, proxy servers, and shipping addresses to choose from.

Plus, it’s important to understand that unless you’re a fraud prevention expert, fraudsters will often be three steps ahead of you. So, adding their transaction details to a blacklist and blocking their transactions will only cause them to use a different combination of credit card and shipping address details.

Is There Ever a Good Reason to Use Blacklists?

In some unique situations, a blacklist may make sense. Usually, those situations have nothing to do with fraud or are peripherally related. But there are times when preventing customers from making transactions is needed.

A frustrated woman  

 

 

“Not Worth the Trouble” Customers

There are customers who are more hassle than their transactions are worth – whether it’s due to disagreements about quality, returns, or even the “customer who is never happy.” Putting these customers on a blacklist to keep them from coming back to your online store and creating more drama and work for you and your employees frees up your time to deliver great service to other valued customers.

 Someone stealing in a store

Known Criminals

Another example are the customers who’ve been caught stealing in a brick-and-mortar stores. You definitely don’t want them to do business with you again, since they have already shown their intent.

 

A person storming out an office

Fired Employees

If you’ve had to let an employee go for stealing and/or the employee has expressed a desire for vengeance of any type, you’ll definitely want to block them from making purchases and having any access to your ecommerce presence altogether.

 

 

Blocking these customers makes sense, but we recommend being very judicious with blacklists and considering a more comprehensive approach to fraud prevention.

Are Your Fraud Prevention Blacklists Helping?

If you have been using fraud prevention blacklists, here’s how to determine if your blacklist is helping or hurting:

·       Look at Your False Decline Rate

If your blacklist is working, your false decline rate should be low. If you are experiencing a high rate of false declines and social media complaints and blocked transactions, your first place to look should be your blacklist.

·       Check The Last Update Date For Your Blacklist

If the last time you updated your fraud prevention blacklist was more than two months ago and you include IP addresses, make sure to create a process for evaluating and updating your list. And most importantly, track why each entry is on the list. During each evaluation, see if that rationale is still relevant – you may have new information that can change things considerably.

Ultimately, fraud prevention blacklists should be handled gingerly. To truly fight fraud, you’ll need a more strategic approach.

False Declines and Ecommerce Fraud Prevention Report

 

The Best “Blacklist” Is Fraud Prevention

Fraud prevention is not a one-size-fits-all activity. Not only do you need to stay up-to-date on fraud trends, locally and globally, you also need to have the experience and bandwidth to do a complete analysis using technology and manual reviews.

If you’re thinking, “That’s a full-time job in itself!” you’re right. And depending on your sales volume and industry, it may be several full-time jobs. The sophistication and power behind today’s fraud attacks won’t be stopped by in-house solutions unless you’ve got a dedicated team of experts to hand.

That’s where a fraud prevention partner comes in. An expert team that can analyze transactions, identity potential fraudulent patterns, and maintain a warning list for further examination will help you take fraud off your plate, so you can focus on sales and grow your business. At ClearSale, we can help you find alternatives to a fraud prevention blacklist and keep your online business protected.

At ClearSale, we do not use blacklists. Learn how we work with our clients

You may also like

What can brands learn from the Facebook data leak?

What can brands learn from the Facebook data leak?

The data scraping attack that exposed 533 million Facebook users’ personal information may not seem like a problem for eCommerce brands. Much of the media analysis of the leak has focused on how..

ClearSale Marks Commitment to Growing Online Jewelry Industry with Events and Guide

ClearSale Marks Commitment to Growing Online Jewelry Industry with Events and Guide

Fraud protection leader provides resources to support the rapidly expanding global ecommerce jewelry market.

What Effective eCommerce Fraud Screening Looks Like Now

What Effective eCommerce Fraud Screening Looks Like Now

We’re starting 2021 in a very different place from where we started 2020 in terms of ecommerce growth and fraud prevention. The fast shift to ecommerce and away from brick-and-mortar shopping in..

The customer experience: How the pandemic changed ecommerce

The customer experience: How the pandemic changed ecommerce

The pandemic changed how customers viewed shopping and spending. But as the world moves into post-pandemic, retailers are concerned with creating a positive customer experience. Rafael Lourenco,..

How Social Media Hacks Compromise Your Fraud Protection Efforts

How Social Media Hacks Compromise Your Fraud Protection Efforts

In January 2021, a cybercrime intelligence CTO discovered a database of leaked Facebook data that had been hacked two years prior. The database contains more than 533 million verified Facebook..

An Inside Job at the Post Office (Pt.2)

An Inside Job at the Post Office (Pt.2)

In part two of our conversation, Bruno Farinelli from ClearSale gives merchants advice on how to sell in risky markets, avoid chargeback induced PR nightmares, and avoid the most common mistake he..

Customer Experience: Online vs In-store

Customer Experience: Online vs In-store

A1 Retail asked a range of industry experts how retailers can ensure that consumers are receiving the same level of personalised customer experience online as they would receive in-store.

Cross-Border Shopping Comes With Merchant Concerns

Cross-Border Shopping Comes With Merchant Concerns

THE PERILS OF FRAUD

International fraud protection leader ClearSale released an extensive analysis of its five-country study on consumer attitudes commissioned from Sapio Research titled, 2021..

An Inside Job at the Post Office (Pt.1)

An Inside Job at the Post Office (Pt.1)

What happens when the post office is in on the con? In part one of our conversation with Bruno Farinelli from ClearSale, he shares incredible stories of inside fraud jobs at the post office,..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog